# Microsoft Intune Integration

The integration between Microsoft Intune and Asset Panda streamlines device and asset tracking and management. Key fields and options include:

* **Device Type**: Sync and import assets based on their specific type.
* **Device Configuration**: Track devices as "Company Owned" or "Company Managed."
* **Asset Panda Management**: Manage synced devices within Asset Panda for real-time updates and consistency.

The integration supports actions such as retiring devices (removing them from the system while retaining historical records), wiping data (without affecting Asset Panda), deleting devices (removing them from both Intune and Asset Panda), and remotely locking devices. This ensures smooth data synchronization and accurate asset management across both platforms.

The integration supports both one-way and two-way synchronization. Device data can be fetched from Microsoft Intune into Asset Panda, and supported fields can also be updated from Asset Panda back to Intune.

**Note**: Two-way sync is limited to supported fields only.

To seamlessly integrate Microsoft Intune with Asset Panda and streamline your asset management process:

1. **Enable Microsoft Intune Integration**: Connect your Microsoft Intune account to Asset Panda to fetch device data.
2. **Configure Asset Panda Integration**: Map the Intune device data fields within Asset Panda for accurate synchronization.
3. **Sync Devices and Data**: Sync your devices between Intune and Asset Panda, ensuring up-to-date tracking and consistency.

## Prerequisites

Before integrating Microsoft Intune with Asset Panda, ensure the following requirements are in place:

* An active Asset Panda subscription.
* A Microsoft Azure Active Directory (AAD) deployment within your organization.
* Administrator access to both Microsoft Azure and Asset Panda platforms.
* Required permissions to register applications, generate secrets, and grant API access in Azure.

{% hint style="info" %}
***Note**: It’s strongly recommended that one of the fields in Microsoft Intune contains unique values that directly match a corresponding field in Asset Panda.*

*A common best practice is to use the Serial Number field as a unique match, assuming it’s already tracked and marked unique in Asset Panda. This prevents duplication by ensuring that synced devices update existing records instead of creating new ones.*

*Additionally, ensure that the relevant collections and fields already exist in Asset Panda. If data is synced into a non-existent field, the integration may not be completed successfully.*
{% endhint %}

***

## Setting up Microsoft Intune in Azure

### Register a New Application in Azure

1. Open a web browser and go to [**Azure Portal**](https://portal.azure.com/).
2. Sign in using your **Azure administrator** credentials.
3. In the search bar at the top, type **App Registrations** and select it from the results.
4. Click on **+ New Registration**.
5. Enter a name for your application (e.g., `Intune Integration`).
6. Under **Supported account types**, select:
   * **Accounts in this organizational directory only (Single tenant)**.
7. Click **Register** to create the application.

***

### Retrieve Required IDs <a href="#retrieve-req-id" id="retrieve-req-id"></a>

1. After registration, go to the **Application Overview** page.
2. Copy the following values for later use:
   * **Application (Client) ID**
   * **Directory (Tenant) ID**
   * **Object ID**

***

### Generate Client Secret <a href="#client-secret" id="client-secret"></a>

1. In the left-hand navigation menu, click **Certificates & Secrets**.
2. Under the **Client secrets** section, click **+ New client secret**.
3. In the **Description** field, enter a name (e.g., `Intune Secret`).
4. Under **Expires**, select a validity period (e.g., 6 months, 1 year, etc.).
5. Click **Add** to generate the client secret.
6. Copy the **Value** (not the Secret ID).

{% hint style="danger" %}
***Warning:** You will only see the secret **value** once. Store it safely for later use.*
{% endhint %}

***

### Assign API Permissions in Azure <a href="#api-permissions" id="api-permissions"></a>

1. To allow integration with Intune, the application needs API permissions.
2. Go back to the **Azure Portal**.
3. In the left-hand menu, click **API Permissions**.
   * The default **User.Read** permission should already be listed.
4. Click **+ Add a permission**.
5. In the **Request API permissions** window, select **Microsoft Graph**.
6. Click **Application Permissions**.
7. Expand **DeviceManagementManagedDevices** and select:
   * `User.Read.All`
   * `Group.Read.All`
   * `DeviceManagementManagedDevices.PrivilegedOperations.All`
   * `DeviceManagementManagedDevices.ReadWrite.All`
8. Expand **DeviceManagementApps** and select:
   * `DeviceManagementApps.Read.All`
9. Click **Add Permissions**.

***

### Grant Admin Consent <a href="#admin-consent" id="admin-consent"></a>

1. On the **API Permissions** page, click **Grant admin consent for \<your tenant name>**.
2. A confirmation dialog will appear—click **Yes** to proceed.
3. Ensure that the **Status** column for all permissions now shows **Granted**.
4. The following details will be required when setting up **Asset Panda Integration with Microsoft Intune**:
   * **Application (Client) ID** → Used as **Client ID** in Asset Panda.
   * **Directory (Tenant) ID** → Used as **Tenant ID** in Asset Panda.
   * **Object ID** → Used as **Application Object ID** in Asset Panda.
   * **Client Secret (Value)** → Used as **Client Secret** in Asset Panda.
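
One way to confirm the consent result from the integration's side, as an added example (not Asset Panda or Microsoft code): decode an app-only access token issued to this registration and compare its `roles` claim with the permissions listed above. It assumes the token is a JWT whose `roles` claim carries the granted application permissions; the sample token is constructed and unsigned.

```python
import base64
import json

# Application permissions this page tells you to grant in Azure.
EXPECTED_ROLES = frozenset({
    "User.Read.All",
    "Group.Read.All",
    "DeviceManagementManagedDevices.PrivilegedOperations.All",
    "DeviceManagementManagedDevices.ReadWrite.All",
    "DeviceManagementApps.Read.All",
})


def b64url_decode(segment):
    """Decode a base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def audit_roles(access_token, expected=EXPECTED_ROLES):
    """Compare the token's `roles` claim with the permissions the page lists.

    The payload is only decoded for inspection; the signature is NOT verified,
    so never use this function to make an authorization decision.
    """
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three segments")
    claims = json.loads(b64url_decode(parts[1]))
    granted = set(claims.get("roles", []))  # assumption: app-only token layout
    return {
        "missing": sorted(expected - granted),     # consent not granted yet
        "unexpected": sorted(granted - expected),  # more privilege than documented
    }


def make_sample_token(roles):
    """Build a constructed, unsigned token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc({"roles": roles}), "unsigned"])


if __name__ == "__main__":
    drifted = sorted(EXPECTED_ROLES - {"Group.Read.All"}) + ["Directory.ReadWrite.All"]
    print(audit_roles(make_sample_token(drifted)))
```

An empty `unexpected` list means the registration holds nothing beyond what this page asks for; anything listed there is worth reviewing before the secret is handed to the integration.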

***

## Setting up Microsoft Intune in Asset Panda

1. Log into Asset Panda. Go to **Settings** > **Account Management**.
2. To proceed with the configuration, click **Manage** for the respective module.
3. Open the **Integrations Module** for the desired account.
4. Switch to the **Integrations Store Tab**.
5. Authenticate Asset Panda with Microsoft Intune. To establish a secure connection, enter the following details in the Microsoft Intune Integration section:
   * Client ID
   * Client Secret
   * Application Object ID
   * Tenant ID

{% hint style="info" %}
***Note:** These details were copied during the **Microsoft Intune Account Registration** in Azure. Refer back to those values when entering them here.*
{% endhint %}

6. Click **Test and Save Connection** to verify authentication.
7. Click **Continue mapping**.

***Note:** Before configuring field mapping, complete the initial setup by:*

* *Providing a **name for the mapping***
* *Selecting the relevant **Asset Panda collection** to receive the data*
* *Choosing the appropriate **external entity** from Microsoft Intune.*

***

## Configure Data Mapping and Filtering

During integration, Microsoft Intune fields must be mapped to corresponding Asset Panda fields to ensure accurate data synchronization. Proper mapping prevents duplication and ensures that device records are updated correctly within Asset Panda.

**Understanding Unique Identifiers**

A unique identifier is a field that remains constant for each record, ensuring accurate data syncing and preventing duplicates between Microsoft Intune and Asset Panda. Common examples include Intune Device ID or Serial Number, depending on the type of data being mapped.

Selecting the correct unique identifier is essential for accurate record matching. Use:

* **Intune Device ID** for most environments, as it is system-assigned and consistent.
* **Serial Number** if your organization tracks it as a unique field in Asset Panda and it is reliably populated.

Do not use fields like Device Name, User Email, or Compliance Status as unique identifiers, as they can change over time or may not be unique, leading to sync errors.
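
A pre-sync check for the guidance above, as an added example that is not part of Asset Panda's documentation or tooling: it tests whether a candidate field is populated and unique across exported device records before you pick it as the unique identifier. The record keys (`id`, `serialNumber`, `deviceName`) are assumed to follow Microsoft Graph `managedDevice` property names, and the placeholder list and sample records are constructed.

```python
from collections import Counter

# Values that look populated but identify nothing (constructed list; extend
# it with whatever placeholders your own fleet reports).
PLACEHOLDER_VALUES = {"", "0", "DEFAULT STRING", "TO BE FILLED BY O.E.M.",
                      "SYSTEM SERIAL NUMBER"}


def assess_identifier(devices, field):
    """Report whether `field` is populated and unique across all records.

    Values are trimmed and upper-cased before comparison (an assumption:
    identifiers that differ only in case or whitespace are the same device).
    """
    normalized = [str(d.get(field) or "").strip().upper() for d in devices]
    unusable = [d["id"] for d, v in zip(devices, normalized)
                if v in PLACEHOLDER_VALUES]
    counts = Counter(v for v in normalized if v not in PLACEHOLDER_VALUES)
    duplicates = {v: n for v, n in counts.items() if n > 1}
    return {
        "field": field,
        "unusable_ids": unusable,    # blank or placeholder: cannot be matched
        "duplicates": duplicates,    # value shared by more than one record
        "safe_as_unique_id": not unusable and not duplicates,
    }


# Constructed sample export; none of these are real devices.
SAMPLE_DEVICES = [
    {"id": "dev-0001", "serialNumber": "C02XK1ABJG5H", "deviceName": "LAPTOP-01"},
    {"id": "dev-0002", "serialNumber": "c02xk1abjg5h ", "deviceName": "LAPTOP-02"},
    {"id": "dev-0003", "serialNumber": "To be filled by O.E.M.", "deviceName": "LAPTOP-01"},
    {"id": "dev-0004", "serialNumber": None, "deviceName": "KIOSK-07"},
]

if __name__ == "__main__":
    for candidate in ("id", "serialNumber", "deviceName"):
        print(assess_identifier(SAMPLE_DEVICES, candidate))
```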

1. In the Mapping section, locate the *Microsoft Intune* fields.
2. Map each Microsoft Intune field to the relevant field in your Asset Panda system.
3. Click **Save**.

{% hint style="info" %}
**Info:** Setting up an automation ensures data stays up to date by syncing records at scheduled intervals.
{% endhint %}

### Two-Way Sync (Asset Panda → Microsoft Intune) <a href="#mapping-guide" id="mapping-guide"></a>

Asset Panda supports **two-way synchronization with Microsoft Intune**, allowing updates made in Asset Panda to be pushed back to Intune.

#### Enabling Two-Way Sync

Two-way sync is optional and requires a separate mapping:

1. Create a new mapping
2. Select **Sync Direction: Asset Panda → Microsoft Intune**
3. Map supported fields
4. Save the mapping
5. Run sync via manual or scheduled automation

***

#### Supported Fields

Only the following Intune-editable fields are supported:

* Managed Device Name
* Notes
* Ownership

***

#### Sync Behavior

* Triggered via **manual run or scheduled automation**
* Real-time sync is not supported
* Updates are pushed during execution

***

#### Validation and Logs

* Only supported fields are available for mapping
* Validation ensures correct updates
* Logs include success and failure details

***

#### Conflict Handling

* The system that syncs last takes precedence
* Behavior depends on automation timing

***

#### Sync Results

* Updates reflect in both Asset Panda and Intune
* Eliminates manual updates across systems

### Microsoft Intune Fields and Mapping Guidance <a href="#mapping-guide" id="mapping-guide"></a>

| Field Name                          | Description                                                          | Mapping & Filtering Guidance                                                                   |
| ----------------------------------- | -------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------- |
| Intune Device ID                    | A unique, system-assigned identifier for each Intune-managed device. | Recommended as the Unique Identifier for matching records.                                     |
| Serial Number                       | Manufacturer-assigned serial number of the device.                   | Can be used as a Unique Identifier if consistently populated and marked unique in Asset Panda. |
| IMEI                                | Identifier for mobile/cellular devices.                              | Optional; applicable mainly to mobile devices. May be blank for desktops.                      |
| MEID                                | Alternate mobile device ID.                                          | Similar use as IMEI. Use only if populated reliably.                                           |
| Wi-Fi MAC                           | MAC address of the device's wireless interface.                      | Optional; may not be consistently available or unique.                                         |
| EAS Device ID                       | Exchange ActiveSync identifier.                                      | Typically used in Exchange environments only.                                                  |
| Device Name                         | User-assigned or system-generated device name.                       | Not suitable as a Unique Identifier. May change over time.                                     |
| Primary User Name                   | Username of the device’s primary user.                               | Useful for reference; not for identity matching.                                               |
| Primary User Email                  | Email of the device’s primary user.                                  | Use for reporting; avoid using as a Unique Identifier.                                         |
| User Display Name                   | Full name of the assigned user.                                      | Display-only value. Not unique or stable.                                                      |
| User Principal Name (UPN)           | Azure AD login name (e.g., <user@domain.com>).                       | Good for user tracking. Not unique to the device.                                              |
| User ID                             | Azure AD object ID of the user.                                      | Tied to the user, not the device. Avoid for device-level identity.                             |
| Phone Number                        | Phone number linked to the device.                                   | Often blank or reused. Not reliable for matching.                                              |
| Ownership                           | Indicates if device is corporate or personal.                        | Use for filtering by ownership type.                                                           |
| Device Manufacturer                 | Brand/vendor of the hardware (e.g., Apple, Dell).                    | Use for categorization or filtering. Not unique.                                               |
| Model                               | Device model (e.g., iPhone 13, Dell XPS).                            | Useful for classification. Not recommended for identity matching.                              |
| OS / OS Version                     | Operating system and version installed.                              | Use for grouping or reporting. Not a unique value.                                             |
| Compliance                          | Device compliance status based on Intune policies.                   | Use for filtering compliant vs non-compliant devices.                                          |
| Category                            | Custom label defined in Intune.                                      | Optional metadata; use as needed for filtering.                                                |
| Device Enrollment Type              | Method used for enrollment (e.g., manual, automatic).                | Use for filtering enrollment method.                                                           |
| Device Registration State           | Registration status in Entra ID.                                     | Informational. Do not use for identity.                                                        |
| Management Agent                    | Agent type used to manage the device.                                | Use for internal classification.                                                               |
| Microsoft Entra Registered          | Indicates if device is registered in Microsoft Entra ID.             | Boolean value; not suitable as Unique Identifier.                                              |
| Partner Threat State                | Threat level reported from partner solutions.                        | Use for security reporting; not identity.                                                      |
| Encrypted / Supervised / Jailbroken | Security posture indicators.                                         | Use for compliance visibility. Not identity fields.                                            |
| EAS Activation Date                 | Date when Exchange ActiveSync was activated.                         | Timestamp field. Not stable.                                                                   |
| Free / Total Storage Space          | Storage metrics in bytes.                                            | Volatile fields. Use for reporting only.                                                       |
| Last Successful Sync Date           | Timestamp of last successful sync with Intune.                       | Changing value. Do not use for matching.                                                       |

